1. Technical Field
The present invention relates in general to the field of Web-based applications that include remote portlets, and more particularly to a method of and system for enforcing authentication strength for accessing remote portlets.
2. Description of the Related Art
Web-based applications have become very popular. One type of Web-based application may be created using the Web Services for Remote Portlets (WSRP) standard. According to the WSRP standard, producers host portlets that perform various functions, and provide those portlets to consumers using a web service interface. Consumers integrate portlets provided by a producer as remote portlets, such that they can be used as if deployed locally. Users access the remote portlets in the context of portal pages or applications from the consumers. The WSRP standard basically defines the web service interface for the communication of consumers and producers to allow interoperability between different suppliers.
A problem with current Web-based applications using remote portlets is security. Remote portlets are assets that may contain or provide access to valuable, proprietary or otherwise sensitive information. Access to secure information or sites is typically controlled through a process of authentication. Various levels of authentication associated to different authentication methods (e.g. user name/password, one time token, certificate) may be required for access depending on the level of protection required for the information. Since the producer provides a portlet to the consumer which in turn provides the portlet to the user, both the consumer and the user need to be authenticated to the producer. However, currently neither authentication strength enforcement nor authentication of both the consumer and the user to the producer are supported in a generic way by the WSRP standard or implementer specific enhancements.